--- slurm-17.02.7/src/salloc/salloc.c 2017-08-14 13:48:43.000000000 -0400
+++ slurm-17.02.7/src/salloc/salloc.c.new 2017-08-23 00:07:22.759099425 -0400
@@ -42,6 +42,7 @@
#include <dirent.h>
#include <fcntl.h>
+#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
@@ -298,13 +299,27 @@
if (_fill_job_desc_from_opts(&desc) == -1) {
exit(error_exit);
}
- if (opt.gid != (gid_t) -1) {
+
+ /* If the requested gid is different than ours, become that gid */
+ if ((getgid() != opt.gid) && (opt.gid != (gid_t) -1)) {
if (setgid(opt.gid) < 0) {
error("setgid: %m");
exit(error_exit);
}
}
+ /* If the requested uid is different than ours, become that uid */
+ if ((getuid() != opt.uid) && (opt.uid != (uid_t) -1)) {
+ if (setgroups(0, NULL) < 0) {
+ error("setgroups: %m");
+ exit(error_exit);
+ }
+ if (setuid(opt.uid) < 0) {
+ error("setuid: %m");
+ exit(error_exit);
+ }
+ }
+
callbacks.ping = _ping_handler;
callbacks.timeout = _timeout_handler;
callbacks.job_complete = _job_complete_handler;
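Review bot: The `setgroups(0, NULL)` call sits inside the uid branch only, so when `opt.gid` is applied but `opt.uid` is unset or equal to `getuid()`, the process keeps the invoker's supplementary groups alongside the new primary gid. Both guards also compare only the real ids, so if the effective or saved id ever differs from the real one, the `setgid()`/`setuid()` call is skipped and the other ids are kept; a guard such as `if ((opt.uid != (uid_t) -1) && ((getuid() != opt.uid) || (geteuid() != opt.uid))) {` would close that gap. The group list is emptied rather than loaded with the target user's groups, which looks intentional but deserves a comment like `/* clear supplementary groups before setuid(); the target user's groups are deliberately not loaded */`. The enclosing function starts and ends outside this hunk, so these lines do not show whether anything between here and the allocation request still needs the original uid.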
@@ -333,13 +348,6 @@
sleep (++retries);
}
- /* become the user after the allocation has been requested. */
- if (opt.uid != (uid_t) -1) {
- if (setuid(opt.uid) < 0) {
- error("setuid: %m");
- exit(error_exit);
- }
- }
if (alloc == NULL) {
if (allocation_interrupted) {
/* cancelled by signal */